f00d62920a85de49150e374002325385a8a07f41f26144a946dc22471f7904f9

Sharing

Copy URL Twitter E-mail

General

Target

f00d62920a85de49150e374002325385a8a07f41f26144a946dc22471f7904f9
Size

320KB
MD5

c485536696a9118c7437da725e810e1f
SHA1

3e8fa517c8a8a3a89a7631a78b9142f530944f03
SHA256

f00d62920a85de49150e374002325385a8a07f41f26144a946dc22471f7904f9
SHA512

8f5b6e143b4d813bb3c0ffbb56a7557950c9ef9f2eccfd34274a99c4bc12639155cdd0ccd65a7e506bfcb7793fdc6e97dc2060a85e4f769be40a4f5d24a551f3
SSDEEP

6144:EkxNJpG1JGrTveTUwNAB75uCugZMzU1XtCw1dGqWIkZV:EkbJxT685uCu3zUrCw1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f00d62920a85de49150e374002325385a8a07f41f26144a946dc22471f7904f9

Files

f00d62920a85de49150e374002325385a8a07f41f26144a946dc22471f7904f9
.exe windows:6 windows x86 arch:x86

8f57e8f958548b715e27fda6d820be3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\dev\_r\27\src\pxips\pxi_platform_services_distribution\pxiChassisManagementService\objects\pxiChassisManagementService\win32U\i386\msvc-14.0\release\out\nipxicms.pdb

Imports

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegisterServiceCtrlHandlerExA
SetServiceStatus
StartServiceCtrlDispatcherA
OpenProcessToken
CopySid
EqualSid
GetLengthSid
GetTokenInformation
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityInfo

kernel32

GetCurrentProcessId
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
Sleep
DeleteCriticalSection
GetSystemFirmwareTable
GetLastError
LocalFree
FormatMessageA
GetProcAddress
FreeLibrary
LoadLibraryExW
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
SetEvent
CloseHandle
CreateEventA
FindFirstFileA
LoadLibraryExA
SetThreadPriority
GetThreadPriority
RaiseException
GetCurrentThreadId
OutputDebugStringA
MoveFileExA
CreateFileA
FlushFileBuffers
ReadFile
GetOverlappedResult
ResetEvent
CreateNamedPipeA
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
WriteFile
WaitNamedPipeA
ConnectNamedPipe
CancelIo
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx

wsock32

htonl
ntohs
ntohl
htons

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?classic@locale@std@@SAABV12@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_current_owns
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_timedwait
_Cnd_signal
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
_Cnd_broadcast
?_Xbad_alloc@std@@YAXXZ

vcruntime140

memchr
strrchr
strchr
strstr
_CxxThrowException
__std_terminate
memcpy
memset
__vcrt_InitializeCriticalSectionEx
_except_handler4_common
__std_type_info_compare
_purecall
__std_exception_copy
__CxxFrameHandler3
memmove
__std_exception_destroy
_except_handler3

api-ms-win-crt-runtime-l1-1-0

__p___argv
_beginthreadex
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_controlfp_s
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_invalid_parameter_noinfo_noreturn
_errno
__p___argc
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-stdio-l1-1-0

_wfopen
__stdio_common_vsscanf
fopen
_get_osfhandle
fwrite
fclose
_set_fmode
_fileno
__stdio_common_vsnprintf_s
fflush
ferror
__stdio_common_vsprintf_s
__p__commode
fseek
__stdio_common_vsprintf
fread

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
free
malloc
calloc
_set_new_mode

api-ms-win-crt-string-l1-1-0

strncpy
isxdigit
strncat
isdigit
toupper
strcpy_s
isspace
strncpy_s
strncmp
iscntrl

api-ms-win-crt-convert-l1-1-0

strtoul
strtol

api-ms-win-crt-filesystem-l1-1-0

remove
_splitpath

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8f57e8f958548b715e27fda6d820be3f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

wsock32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 62KB - Virtual size: 61KB

.data Size: 15KB - Virtual size: 17KB

.gfids Size: 512B - Virtual size: 76B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 62KB - Virtual size: 61KB

.data
Size: 15KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 76B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 19KB - Virtual size: 18KB